Relay users increase globally from about 800K to over 5M, when computers in the ​Mevade/Sefnit botnet began using Tor to communicate. The user count decreased in the following months through efforts to clean up the botnet. Sometime in 2014-04, the botnet switched from using Tor to using SSH.

Outage of meek-amazon caused by an expired certificate. As a result of being rebooted, the bridge also changes its fingerprint from 4EE0CC769EB4B15A872F742EDE27D298A59DCADE to 6DDD1DB8526282837C50E9AB5D14AB50150CD624.

The fingerprint of the meek-amazon bridge changes, as a result of begin rebooted. Released Tor Browsers with the former fingerprint are unable to connect. The fingerprint changed from 4EE0CC769EB4B15A872F742EDE27D298A59DCADE to 6DDD1DB8526282837C50E9AB5D14AB50150CD624, then again to B9E7141C594AF25699E0079C1F0146F409495296. The new fingerprint shipped with Tor Browser 5.0.4 and 5.5a4 on 2015-11-04.

Altered the performance settings on the meek-google App Engine instance. Set max idle instances to 2 and min pending latency to 1000 ms. This used to be configured through the web interface but is now configured in an application file, which at some point caused the settings from 2015-02-28 to be lost.

2015-10-30

meek

Further rate-limited the meek-azure bridge to 0.8 MB/s, from 1.1 MB/s.

Iran intensifies the blocking begun on 2016-08-20, getting most of the remaining direct users. There is interference in the graphs from the bridge authority changeover on 2016-09-02, but because the changeover would not have affected counts of direct users, it may be a coincidence.

Outage of default obfs3 bridges "Unnamed" and "Unnamed" (fingerprint ​AF9F66B7B04F8FF6F32D455F05135250A16543C9). (Start date not known for sure, though it must have been after 2016-09-23; discussed in non-archived tor-team email.)

2016-09-24

obfs3

Default obfs3 bridge LeifEricson upgrades and begins reporting statistics to the new bridge authority Bifroest. This is the last obfs3 bridge that hadn't upgraded.

2016-09-24

obfs4

Default obfs4 bridge LeifEricson upgrades and begins reporting statistics to the new bridge authority Bifroest. This is the last obfs4 bridge that hadn't upgraded.

2016-09-28

meek

Rate limit on the meek-amazon bridge returns to 3.0 MB/s, having been set to about 1.0 MB/s for some time, cause uncertain.

2016-10-02

2016-10-03

eg

<OR> relay

Reports that direct connections from Egypt are blocked; bridges are required. Maybe be the same as the block beginning 2016-10-25.

Tor Browser 6.5a6 is released. It fixes the app.update.url. It adds (uncomments) the default obfs4 bridge NX01:443. It activates timing obfuscation for certain obfs4 bridges. It changes the port of other obfs4 bridges.

Tor Browser 7.0a3 is released. It changes the app.update.url. It removes the last remaining scramblesuit bridge. It changes the meek-amazon backend. It adds the new default obfs4 bridges cymrubridge31:80 and cymrubridge33:80.

Ukraine blocks Russian-operated web services. Relay and bridge users increase over 5×. May be partly attributable to the ​FreeU Browser , a browser produced and advertised by Mail.ru that includes a tor client.

Default obfs4 bridge LeifEricson rejects connections due to a broken firewall forwarding rule. This didn't affect the bridges "real" obfs4 port, but it did affect the port at that time configured in Tor Browser.

Sustained increase in meek users in Brazil. Locals believe that they are not actual users, rather bots or something like that. End date coincides with shutdown of meek-azure before migration. Would pick up again 2017-06-07.

Increase of relay users in Romania, from 10k to 40k. Bridge users not affected. Stopped at the same time as increases in the Netherlands, Lithuania, and the Seychelles. Another increase began immediately after.

Steady drop in the number of relay users in Germany, from 1.5M to 650k. (Drop coincides with the release of tor 0.3.2.10, 0.3.1.10, and 0.2.9.15, which offer better resistance against DoS attacks; as well as improvements in speed for downloads from onions ​graph; see this ​graph as well. More datapoints: DDoS of the network happened ​around the time that saw an increase in the number of relay users in Germany, see entry above or ​graph)